[TriLUG] PIX 501 questions

Brandon L. Newport bnewport at appws.com
Fri Jan 31 23:26:03 EST 2003


What type of add-ons did you need...it has VPN and Firewall built in.  I
have configured many a PIX and unless you want URL filtering or something of
that nature they are pretty easy to set up.

-brandon 

-----Original Message-----
From: trilug-admin at trilug.org [mailto:trilug-admin at trilug.org] On Behalf Of
Ken Mink
Sent: Friday, January 31, 2003 10:56 AM
To: trilug at trilug.org
Subject: Re: [TriLUG] PIX 501 questions


I was helping a friend configure a PIX that was donated to a non-profit he
worked with. After much cussing, we figured out it needed some add-ons that
would cost way more than a small non-profit has. My friend sold the PIX and
used the money to buy a low-end PC. We loaded Linux, set up iptables, and
never looked back. That was my only experience with a PIX. It may not have
been the norm. The PIX may have worked fine with the add-on software, who
knows. I've used iptables as a corporate firewall more than once. I like the
flexibility and the control. If you've got the physical space for the PC,
it's the way I'd go.

Ken

On Thu, 2003-01-30 at 23:19, Glen Ford wrote:
> Not a directly Linux related question, but I hope the good folks on this
> list might be able to help.
> In an effort to learn a little about Cisco PIX products I have swapped
> out my Linksys DSL router with a PIX 501.  I use the Linksys and now the
> PIX as firewall between my home boxes and my RoadRunner cable modem.
> Pretty standard stuff.
> 
> 
> I am having two problems with my PIX 501.
> 
> 
> 1.  The outside interface of my PIX gets assigned by the ISP via dhcp.
> This works for the most part, except I periodically lose connectivity to
> my RoadRunner router.  I know this because my wife complains that she
> can not use the browser. I check the connection by pinging the router
> from the command line inside the PIX. The pings fail and I have to issue
> the following command to regain my connectivity: "ip address outside dhcp
> setroute retry 5". This is proving to be irritating. Why does the
> outside PIX lose connectivity to the router?
> 
> 
> 2. With the Linksys I am able to use Cisco VPN client for Linux without
> any problems.  I.e. from a server behind the Linksys I am able to establish a
> vpn connection to my corporate network.  This is an ipsec tunnel over UDP
> port 500 (esp).  The Linksys passes this traffic without any problems.
> linux (vpn client) ---> linksys ----> vpn end-point
> However when I use the PIX it does not work.  I know I am passing the
> udp port 500 traffic because I see it leaving the outside interface of
> the PIX.  I use debug command to see it.  I do not see any reply traffic
> coming back from the vpn request.  The packets leaving the PIX are
> addressed with source of the outside interface and destination of my
> corporate vpn end point.  This all seems correct except I do not see any
> traffic coming back from the corporate end-point.  After some time the
> vpn client croaks and says that it timed out trying to make the
> connection.
> 
> Any help with either/both of these two questions would be much 
> appreciated.
> 
> Thanks,
> /Glen